package org.bouncycastle.crypto.modes;

import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.params.ParametersWithIV;

/**
 * implements a Output-FeedBack (OFB) mode on top of a simple cipher.
 */
public class OFBBlockCipher implements BlockCipher {
    private byte[] IV;
    private byte[] ofbV;
    private byte[] ofbOutV;

    private final int blockSize;
    private final BlockCipher cipher;

    /**
     * Basic constructor.
     * 
     * @param cipher
     *            the block cipher to be used as the basis of the feedback mode.
     * @param blockSize
     *            the block size in bits (note: a multiple of 8)
     */
    public OFBBlockCipher(BlockCipher cipher, int blockSize) {
        this.cipher = cipher;
        this.blockSize = blockSize / 8;

        this.IV = new byte[cipher.getBlockSize()];
        this.ofbV = new byte[cipher.getBlockSize()];
        this.ofbOutV = new byte[cipher.getBlockSize()];
    }

    /**
     * return the underlying block cipher that we are wrapping.
     * 
     * @return the underlying block cipher that we are wrapping.
     */
    public BlockCipher getUnderlyingCipher() {
        return cipher;
    }

    /**
     * Initialise the cipher and, possibly, the initialisation vector (IV). If
     * an IV isn't passed as part of the parameter, the IV will be all zeros. An
     * IV which is too short is handled in FIPS compliant fashion.
     * 
     * @param encrypting
     *            if true the cipher is initialised for encryption, if false for
     *            decryption.
     * @param params
     *            the key and other data required by the cipher.
     * @exception IllegalArgumentException
     *                if the params argument is inappropriate.
     */
    public void init(boolean encrypting, // ignored by this OFB mode
            CipherParameters params) throws IllegalArgumentException {
        if (params instanceof ParametersWithIV) {
            ParametersWithIV ivParam = (ParametersWithIV) params;
            byte[] iv = ivParam.getIV();

            if (iv.length < IV.length) {
                // prepend the supplied IV with zeros (per FIPS PUB 81)
                System.arraycopy(iv, 0, IV, IV.length - iv.length, iv.length);
                for (int i = 0; i < IV.length - iv.length; i++) {
                    IV[i] = 0;
                }
            } else {
                System.arraycopy(iv, 0, IV, 0, IV.length);
            }

            reset();

            cipher.init(true, ivParam.getParameters());
        } else {
            reset();

            cipher.init(true, params);
        }
    }

    /**
     * return the algorithm name and mode.
     * 
     * @return the name of the underlying algorithm followed by "/OFB" and the
     *         block size in bits
     */
    public String getAlgorithmName() {
        return cipher.getAlgorithmName() + "/OFB" + (blockSize * 8);
    }

    /**
     * return the block size we are operating at (in bytes).
     * 
     * @return the block size we are operating at (in bytes).
     */
    public int getBlockSize() {
        return blockSize;
    }

    /**
     * Process one block of input from the array in and write it to the out
     * array.
     * 
     * @param in
     *            the array containing the input data.
     * @param inOff
     *            offset into the in array the data starts at.
     * @param out
     *            the array the output data will be copied into.
     * @param outOff
     *            the offset into the out array the output will start at.
     * @exception DataLengthException
     *                if there isn't enough data in in, or space in out.
     * @exception IllegalStateException
     *                if the cipher isn't initialised.
     * @return the number of bytes processed and produced.
     */
    public int processBlock(byte[] in, int inOff, byte[] out, int outOff)
            throws DataLengthException, IllegalStateException {
        if ((inOff + blockSize) > in.length) {
            throw new DataLengthException("input buffer too short");
        }

        if ((outOff + blockSize) > out.length) {
            throw new DataLengthException("output buffer too short");
        }

        cipher.processBlock(ofbV, 0, ofbOutV, 0);

        //
        // XOR the ofbV with the plaintext producing the cipher text (and
        // the next input block).
        //
        for (int i = 0; i < blockSize; i++) {
            out[outOff + i] = (byte) (ofbOutV[i] ^ in[inOff + i]);
        }

        //
        // change over the input block.
        //
        System.arraycopy(ofbV, blockSize, ofbV, 0, ofbV.length - blockSize);
        System.arraycopy(ofbOutV, 0, ofbV, ofbV.length - blockSize, blockSize);

        return blockSize;
    }

    /**
     * reset the feedback vector back to the IV and reset the underlying cipher.
     */
    public void reset() {
        System.arraycopy(IV, 0, ofbV, 0, IV.length);

        cipher.reset();
    }
}
